From d3565daef48d774f49b52a0c7f492d895e1e8fd9 Mon Sep 17 00:00:00 2001
From: saurabhbhatia
Date: Tue, 10 Dec 2013 15:00:06 +0800
Subject: [PATCH] Added a rule for submanager to allow to edit announcement once authorized
---
 .../panel/announcement/back_end/bulletins_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
index d3f83c65..83915435 100644
--- a/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
+++ b/vendor/built_in_modules/announcement/app/controllers/panel/announcement/back_end/bulletins_controller.rb
@@ -64,7 +64,9 @@ class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
 # GET /bulletins/1/edit
 def edit
 @bulletin = Bulletin.find(params[:id])
- if !(is_manager? || is_admin?)
+ is_authorized_sub_manager = @bulletin.category.auth_sub_manager.authorized_user_ids rescue nil
+
+ if !(is_manager? || is_admin? || is_authorized_sub_manager.include?(current_user.id))
 redirect_to :action => :index
 else
 # @summary_variable = @bulletin.summary_variable
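Review bot: When the lookup on the first added line fails, `rescue nil` leaves `is_authorized_sub_manager` as nil, and the new condition then calls `.include?` on it, so a user who is neither manager nor admin gets a NoMethodError (a 500) instead of the redirect to index. The check still fails closed, but the inline rescue also hides any other error raised inside the authorization lookup, and the variable name reads as a boolean while it holds a list of user ids. I would make the nil case explicit: `sub_manager_ids = Array(@bulletin.category.try(:auth_sub_manager).try(:authorized_user_ids))` followed by `if !(is_manager? || is_admin? || sub_manager_ids.include?(current_user.id))`. The body of `edit` continues past the hunk, and the `update` action is not shown here; it presumably needs the same rule, otherwise the edit form is gated differently from the write it submits.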